Vulnerability in Red Hat Ansible Automation Platform 2.5
CVE-2025-9909
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A maliciou…
EPSS: 0.000 (0.3th percentile).
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Red Hat Ansible Automation Platform 2.5 — versions sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd
- Red Hat Ansible Automation Platform 2.5 For Rhel 8 — versions 0:3.1.1-1.el8ap, 0:25.12.0-1.el8ap, 0:25.12.2-1.1.el8ap
- Red Hat Ansible Automation Platform 2.5 For Rhel 9 — versions 0:3.1.1-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.2-1.1.el9ap
- Red Hat Ansible Automation Platform 2.6 — versions sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7
- Red Hat Ansible Automation Platform 2.6 For Rhel 9 — versions 0:2.6.20251119-1.el9ap
Weakness classification (CWE)
- CWE-647
References
- RHSA-2025:21768 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2025:21775 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2025:23069 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2025:23131 (vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2025-9909 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2392836 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2025-9909?
  - CVE-2025-9909 is a medium-severity vulnerability in Red Hat Ansible Automation Platform 2.5, classified under CWE-647. CVSS score: 6.7/10. Published 2026-02-27.
- How severe is CVE-2025-9909?
  - Medium severity. CVSS v3 base score is 6.7 out of 10.